Mark_Twain (OP)
December 16, 2013, 08:50:01 PM Last edit: December 16, 2013, 11:22:38 PM by Mark_Twain
Hi friends, help me please, I just imported some BTC from my paper wallet via Blockchain.info. This was my paper wallet public address: https://blockchain.info/address/1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo
It was sent to another address of mine, this one: https://blockchain.info/pt/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ
This address was inside my wallet at the Blockchain.info webclient. Then I sent 4.7131 to another address of mine, 18hZHGUkLSs9dUMJWQ5jHRVpBLZrKB8G2r
But in my wallet it shows another crazy transaction to an UNKNOWN address, and this transaction kind of RIPS the rest of my whole funds! The transaction goes to this address: https://blockchain.info/pt/address/17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2
This is the UNWANTED TRANSACTION: 10c226cc42d80b11249f304f817397e9a30039134afeb9abca181b38a100c55e
Is it possible to track the IP that ordered that? Is there a chance to protect myself from that? Maybe paint the coins, HELP! This is the unwanted transaction, please somebody tell me what may be happening. If there are some miners over there, please don't accept that one. Shit, don't know what to do, please help me. I thought this problem of the private key being stolen was already addressed by Blockchain.info... Why was the change from the first transaction sent to the same address? Somebody please give me a light...
Thanks, Mark
Litecoins donations: LUNrACL2GoC8RhHqJbd4k2GnqX2xjixooY Bitcoins donations: 1AWcSjq96oa5tqLyqPG2U729AzGPZW9aW4
|
Mark_Twain (OP)
December 16, 2013, 08:54:34 PM Last edit: December 16, 2013, 09:14:26 PM by Mark_Twain
I can't believe somebody just stole 10 BTC from me, please help. No expert out there? I've heard before that it is risky to send BTC from the same address more than 1 time, maybe that was what happened, please someone help... How can I contact Blockchain.info developers??? Why haven't they corrected this flaw???
|
gannicus
December 16, 2013, 09:49:00 PM
There is nothing you can do, your BTCs are lost.
|
Mark_Twain (OP)
December 16, 2013, 09:52:49 PM
I know, but how can I track the address that stole my coins?
Is there any service out there? And how about this flaw in the Blockchain.info system? Why don't they just DELETE the address that has already been used and automatically create a new address of mine if I'm not sending all the coins from one address?
|
Mark_Twain (OP)
December 16, 2013, 09:54:09 PM
|
not.you
December 16, 2013, 09:54:52 PM
The fact that it happened immediately after you did your transaction suggests maybe there is malware on the computer you used. Something may have recorded your keystrokes to log in to the blockchain wallet. Unless you turned on logging on your blockchain account I don't think you can get the IP of the person who accessed your wallet.
|
Mark_Twain (OP)
December 16, 2013, 09:57:27 PM
Malware? You mean my computer is being watched?
|
BurtW
December 16, 2013, 10:36:49 PM Last edit: December 16, 2013, 11:22:39 PM by BurtW
Tell me more about this address https://blockchain.info/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ
Your history with this address shows:
1 BTC deposit on 7/31
1 BTC withdrawal on 8/12 - leaves a zero balance
Later...
14.7037 deposit today @ 20:19
4.7131 withdrawal today, 5 minutes later, change of 9.9905 goes back to this same address
9.9905 sent to 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 about 6 minutes later, still unspent as of this post.
Where did this 1NXboo address come from - in other words how was it generated?
Exactly how did you do the transaction https://blockchain.info/tx/144c397690d441a48a989cc58499b4a761be21f5157c6fa666aeb34eaa52ce0b
What client did you use? Did you ask for the change to go back to the same address or did the client do that automatically? Where was the client running (PC, phone, etc.)?
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
Mark_Twain (OP)
December 16, 2013, 11:08:17 PM
This address https://blockchain.info/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ belongs to my wallet inside of Blockchain.info, I'm using it as a browser client on Mozilla Firefox.
The deposit today of 14.7037 BTC @ 20:19 was done by me when I redeemed a private key from my paper wallet, the public key of my paper wallet was https://blockchain.info/pt/address/1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo
The 4.7131 BTC withdrawal today was made by me. The change of 9.9905 went back to this same address AUTOMATICALLY and was sent to 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 about 6 minutes later, BUT IT WAS NOT SENT BY ME! When I wanted to distribute the funds to another wallet my account on Blockchain.info was ripped!
To make this transaction https://blockchain.info/tx/144c397690d441a48a989cc58499b4a761be21f5157c6fa666aeb34eaa52ce0b I just sent the amount I wanted to some other address of mine. Just pushed the send button at the webclient, it worked. But the sending to this address 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 was NOT SENT BY ME! And it was the larger amount of BTC!
I'm really sad... there goes my money so hard earned! Please, if anybody helps me to recover those coins I swear I will give a present to you.
|
BurtW
December 16, 2013, 11:20:14 PM
Next questions:
In your blockchain.info wallet on the "receive money" tab how many addresses are shown? Do any of them say (watch only)? If so how many of them are watch only?
Back to the 1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ address: was it automatically generated by blockchain.info? Did you press the "new address" button OR was it imported from somewhere (paper or brain wallet)? You first used it back in July. Do you remember if it was imported or generated and how it was generated?
Have you ever used blockchain.info on your phone using the phone app?
Are you going to blockchain.info through the web interface or are you using a browser plug-in? I assume you are just using the web interface.
Finally: how many characters is your blockchain.info password? Do you use 2FA on your blockchain.info account?
|
Mark_Twain (OP)
December 16, 2013, 11:36:38 PM Last edit: December 16, 2013, 11:53:16 PM by Mark_Twain
Those are the addresses in my receive list:
1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ (this was my first address from blockchain.info, it was generated automatically by the website; that I remember, I never pressed the "new address" button in the webclient, but I did it at the iPod client since I did a sync of this wallet with a blockchain app on an iPod touch, and I used it a couple of times)
12dEHPdNVBjByZEZ7kJjLH574FUnZrfStQ
1JPYNFPWvzsthiGZWWKNED2Lgd9dJbUo3K
1NkptN3nBviUED92FqZL4E9EEYTRcfAbDE
1HbnDpDocF9y6hyptnSp2ucUJqh5jzHMnj (imported from a paper wallet)
1A73FmupXc5brwcc9X4uXs7fHJJpu5VUKd (imported from a paper wallet)
1Bc6aYTdzEsGZT2jBDYgL66HV5jyRGSPJf (imported from a paper wallet)
1NY9Z3vcJHpY2WQabRxEK8fxQduKEceYF2 (imported from a paper wallet)
1H4gLKQB1CB7UsEbyBgPH7TheMywRxu6Ra (imported from a paper wallet)
1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo (this address was imported from the paper wallet, here were my funds; there are 2 options for importing private keys at blockchain.info, one is sending the funds to some already existing address, the second one is bringing the address inside your wallet. First I claimed the coins, then the address, in a desperate attempt to get any coin back)
After I saw I was stolen from, I added the suspicious address as watch only and added a label like this: STOLEN COINS PLEASE SEND THEM BACK TO THE ADRESS THEY WERE STOLED FROM - 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 (Watch Only)
All of this happened by using blockchain.info through the web interface.
My password at blockchain.info has 11 characters, I didn't use 2FA on my account there.
Hey BurtW, thanks for looking at this issue, I appreciate that, just from the fact you are listening I can see some of MY security flaws...
But sad.... sad day!!!! Man....
|
BurtW
December 17, 2013, 12:48:31 AM
> 1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ (this was my first address from blockchain.info, it was generated automatically by the website; that I remember, I never pressed the "new address" button in the webclient, but I did it at the iPod client since I did a sync of this wallet with a blockchain app on an iPod touch, and I used it a couple of times)
Do you still have the iPod app? Can you look in there and see if your coins are in the iPod? They might be there (maybe)
|
BurtW
December 17, 2013, 12:59:18 AM
Also, on your blockchain.info account please go to the home page, then account settings, then logging and see if another IP address besides your own has been logging into your account.
|
Mark_Twain (OP)
December 17, 2013, 05:51:27 AM Last edit: December 17, 2013, 06:05:10 AM by Mark_Twain
Hi, BurtW, just saw the app, as I told you it syncs with the webclient; the address 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2, where the stolen-lost coins are, is in "watch only" as in the webclient.
I can't see the IPs that used my webclient at the time of the theft because this feature was disabled, I just enabled it but can't see past logs....
Just found 2 similar posts with much more coins lost: https://bitcointalk.org/index.php?topic=277595.new#new and https://bitcointalk.org/index.php?topic=277601.100
|
BurtW
December 17, 2013, 06:00:39 AM
How often and exactly how do you back up your blockchain.info wallet? Is it possible someone could have gotten ahold of one of your wallet backups?
I am about out of ideas so, as a last resort, it is time to check your system for a key logger, etc.
Sorry I could not be of more help.
|
BurtW
December 17, 2013, 06:15:03 AM
I noticed you have started posting your problem in multiple threads. Please stop that. It will not help your situation and will only piss off those who are here trying to help you.
BTW one of the very first things I checked was whether or not the two transactions from your address had the same R values (a known weakness in ECDSA) and they do not. That is not your issue.
However, since the key pair was created a pretty long time ago there may have been an issue with the way it was created way back then (possibly a bad PRNG) but I cannot prove that one way or another.
|
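The check BurtW describes above (whether signatures made with the same key share an R value), as an added example that is not part of the original post: it parses DER-encoded ECDSA signatures as they appear in a scriptSig and flags any r repeated under one public key. The signatures, keys and labels below are constructed sample data, not taken from the thread's transactions, and the `_sig` helper exists only to build them.

```python
from collections import defaultdict

def parse_der_sig(blob: bytes) -> tuple[int, int]:
    """Return (r, s) from a DER ECDSA signature with a trailing sighash byte."""
    der = blob[:-1]                      # strip the 1-byte sighash type
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    ints, pos = [], 2
    for _ in range(2):                   # exactly two INTEGERs: r, then s
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = der[pos + 1]
        body = der[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: iterable of (label, pubkey_hex, sig_bytes).
    Returns {(pubkey_hex, r): [labels]} for every r seen more than once per key."""
    seen = defaultdict(list)
    for label, pubkey, sig in records:
        r, _s = parse_der_sig(sig)
        seen[(pubkey, r)].append(label)
    return {k: v for k, v in seen.items() if len(v) > 1}

def _sig(r_hex: str, s_hex: str) -> bytes:
    """Build a constructed DER signature plus SIGHASH_ALL byte from hex r and s."""
    body = b""
    for h in (r_hex, s_hex):
        raw = bytes.fromhex(h)
        if raw[0] & 0x80:                # DER prepends 0x00 so the integer stays positive
            raw = b"\x00" + raw
        body += bytes([0x02, len(raw)]) + raw
    return bytes([0x30, len(body)]) + body + b"\x01"

# Constructed sample data: "txN:i" means input i of a made-up transaction N.
KEY_A, KEY_B = "02" + "aa" * 32, "03" + "bb" * 32
SAMPLE = [
    ("tx1:0", KEY_A, _sig("11" * 32, "22" * 32)),
    ("tx2:0", KEY_A, _sig("c3" * 32, "44" * 32)),   # different r under KEY_A: fine
    ("tx3:0", KEY_B, _sig("5e" * 32, "66" * 32)),
    ("tx4:1", KEY_B, _sig("5e" * 32, "77" * 32)),   # same r as tx3:0 under KEY_B: flagged
]

if __name__ == "__main__":
    for (pub, r), labels in find_reused_r(SAMPLE).items():
        print(f"key {pub[:10]}... repeats r={r:064x} in {labels}")
```

An empty result for a key, as BurtW reports for this address, rules out repeated R values but says nothing about how the key itself was generated.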
|
Mark_Twain (OP)
December 17, 2013, 07:24:12 AM
Hey BurtW, I'm sorry for posting in multiple threads, I was freaking out, just wanted to have as much feedback as possible, I am stopping that. You are the person who is helping me the most anyway with your analysis.
How do I check for key loggers? Are those the guys that steal passwords that I type on my computer? If that was the case then it would mean that the coins were STOLEN, right? But the coins have remained there at this address since the "hack"... then, I don't know. Do you know any coin following service? Or coin painting service (just to prepare in case the coins are sent away from there)
And if it was a bad PRNG who is to blame? I know the first one to blame is myself, but if I can't do anything about it, at least it will be a very expensive lesson for me, I have to learn what the problem was, where I made a mistake. (I can see during our conversation some mistakes like not enabling 2FA, not enabling IP logging, sending the coins to an already used address, I didn't empty the whole wallet...)
I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.
The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secure with a big password.
Thanks for your attention
|
icey
December 17, 2013, 06:52:52 PM
> I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail. The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secure with a big password.
This must be the problem.. You may have a RAT\Keylogger installed. What security software are you running?
|
mayax
December 17, 2013, 08:46:30 PM
> Hey BurtW, I'm sorry for posting in multiple threads, I was freaking out, just wanted to have as much feedback as possible, I am stopping that. You are the person who is helping me the most anyway with your analysis.
> How do I check for key loggers? Are those the guys that steal passwords that I type on my computer? If that was the case then it would mean that the coins were STOLEN, right? But the coins have remained there at this address since the "hack"... then, I don't know. Do you know any coin following service? Or coin painting service (just to prepare in case the coins are sent away from there)
> And if it was a bad PRNG who is to blame? I know the first one to blame is myself, but if I can't do anything about it, at least it will be a very expensive lesson for me, I have to learn what the problem was, where I made a mistake. (I can see during our conversation some mistakes like not enabling 2FA, not enabling IP logging, sending the coins to an already used address, I didn't empty the whole wallet...)
> I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.
> The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secure with a big password.
> Thanks for your attention
Contact the Bitcoin central authority and report the stolen funds. Oh, I forgot, Bitcoin is not reversible and nobody can help you to recover your funds even if your account was hacked. "Free Bitcoin", right?
|
BurtW
December 17, 2013, 10:36:28 PM
> Contact the Bitcoin central authority and report the stolen funds. Oh, I forgot, Bitcoin is not reversible and nobody can help you to recover your funds even if your account was hacked. "Free Bitcoin", right?
Put up or shut up you spineless steaming pile of FUD.
You appear to be lost. This is not the thread you were looking for. Try this one: https://bitcointalk.org/index.php?topic=374295.0